As the popularity of the Internet has grown, the proliferation of computer malware has become more common. A typical computer malware is a program or piece of code that is loaded onto a computer and/or performs some undesired actions on a computer without the knowledge or consent of the computer operator. Some widespread, well-known and dangerous types of computer malware include computer viruses, which are programs or pieces of code that are loaded onto a computer without the user's knowledge and may proliferate further and/or damage the computer or other computers, and computer worms, which are programs or pieces of code that replicates themselves over a computer network and usually perform malicious actions.
Along with the proliferation of computer viruses and other malware has come a proliferation of software to detect and remove such viruses and other malware. This software is generically known as anti-virus software or programs. In order to detect a virus or other malicious program, an anti-virus program typically scans files stored on disk in a computer system and/or data that is being transferred or downloaded to a computer system, or that is being accessed on a computer system, and compares the data being scanned with profiles that identify various kinds of malware. The anti-virus program may then take corrective action, such as notifying a user or administrator of the computer system of the virus, isolating the file or data, deleting the file or data, etc.
One common source of computer viruses is files that are downloaded from the Internet. Such files are most advantageously scanned when they are downloaded. In order to standardize malware scanning in a network environment, the scanning functionality may be implemented on a server that is connected between the computer that is requesting the download and the Internet. There are two problems that arise in such an environment. First, the server platform that is performing the scanning has a limited network throughput. Second, the scanning engine has inherently limited performance scanning files.
One of the deficiencies of download scanning is that the scanning server must first download a file to be scanned in its entirety, before scanning, scan the file, and then transfer the file in its entirety to the user's machine. This has two drawbacks: 1) the latency incurred by first downloading the file to the scanning server, followed by the scan, followed by the second transfer; 2) the user perception that “nothing is happening” until the second transfer begins.
A need arises for a technique for scanning downloaded files that provides improved performance relative to conventional download scanning techniques.